Skip to content

Commit f7a9c8f

Browse files
1 parent 36224ba commit f7a9c8f

4 files changed

Lines changed: 166 additions & 0 deletions

File tree

Lines changed: 40 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,40 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-42mq-4cj7-p7xm",
4+
"modified": "2026-06-16T09:32:42Z",
5+
"published": "2026-06-16T09:32:42Z",
6+
"aliases": [
7+
"CVE-2026-8444"
8+
],
9+
"details": "The WP Review Slider Pro plugin for WordPress is vulnerable to SQL Injection via the 'curselrevs[]' parameter of the wpfb_find_reviews AJAX action in versions up to, and including, 12.6.8. This is due to the handler reading $_POST['curselrevs'] raw with no sanitization or type casting, then concatenating each array element directly into a `WHERE id IN ( ... )` clause without quoting and executing via $wpdb->get_results() without $wpdb->prepare(). This makes it possible for authenticated attackers, with Subscriber-level access and above, to append additional SQL queries into already existing queries that can be used to extract sensitive information from the database.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:U/C:H/I:H/A:H"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-8444"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://wpreviewslider.com"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/633d26e9-8a05-4f4b-93a8-5644f2f699db?source=cve"
29+
}
30+
],
31+
"database_specific": {
32+
"cwe_ids": [
33+
"CWE-89"
34+
],
35+
"severity": "HIGH",
36+
"github_reviewed": false,
37+
"github_reviewed_at": null,
38+
"nvd_published_at": "2026-06-16T08:16:24Z"
39+
}
40+
}
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-cr2w-747q-47qc",
4+
"modified": "2026-06-16T09:32:42Z",
5+
"published": "2026-06-16T09:32:42Z",
6+
"aliases": [
7+
"CVE-2026-46331"
8+
],
9+
"details": "In the Linux kernel, the following vulnerability has been resolved:\n\nnet/sched: fix pedit partial COW leading to page cache corruption\n\ntcf_pedit_act() computes the COW range for skb_ensure_writable()\nonce before the key loop using tcfp_off_max_hint, but the hint does\nnot account for the runtime header offset added by typed keys. This\ncan leave part of the write region un-COW'd.\n\nFix by moving skb_ensure_writable() inside the per-key loop where\nthe actual write offset is known, and add overflow checking on the\noffset arithmetic. For negative offsets (e.g. Ethernet header edits\nat ingress), use skb_cow() to COW the headroom instead. Guard\noffset_valid() against INT_MIN, where negation is undefined.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-46331"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://git.kernel.org/stable/c/899ee91156e57784090c5565e4f31bd7dbffbc5a"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2026-06-16T08:16:23Z"
28+
}
29+
}
Lines changed: 29 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,29 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-qpm5-pwpp-hh9x",
4+
"modified": "2026-06-16T09:32:42Z",
5+
"published": "2026-06-16T09:32:42Z",
6+
"aliases": [
7+
"CVE-2025-9912"
8+
],
9+
"details": "Nokia SR Linux is vulnerable to a local privilege escalation vulnerability. Successful exploitation of this vulnerability may allow an authenticated user to execute arbitrary commands with superuser privilege.",
10+
"severity": [],
11+
"affected": [],
12+
"references": [
13+
{
14+
"type": "ADVISORY",
15+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2025-9912"
16+
},
17+
{
18+
"type": "WEB",
19+
"url": "https://www.nokia.com/we-are-nokia/security/product-security-advisory/cve-2025-9912"
20+
}
21+
],
22+
"database_specific": {
23+
"cwe_ids": [],
24+
"severity": null,
25+
"github_reviewed": false,
26+
"github_reviewed_at": null,
27+
"nvd_published_at": "2026-06-16T08:16:23Z"
28+
}
29+
}
Lines changed: 68 additions & 0 deletions
Original file line numberDiff line numberDiff line change
@@ -0,0 +1,68 @@
1+
{
2+
"schema_version": "1.4.0",
3+
"id": "GHSA-r4jp-23x3-5jhg",
4+
"modified": "2026-06-16T09:32:42Z",
5+
"published": "2026-06-16T09:32:42Z",
6+
"aliases": [
7+
"CVE-2026-10093"
8+
],
9+
"details": "The File Sharing & Download Manager – User Private Files plugin for WordPress is vulnerable to Stored Cross-Site Scripting via the 'fldr_ttl' parameter in all versions up to, and including, 2.1.6 due to insufficient input sanitization and output escaping. This makes it possible for authenticated attackers, with subscriber-level access and above, to inject arbitrary web scripts in pages that will execute whenever a user accesses an injected page.",
10+
"severity": [
11+
{
12+
"type": "CVSS_V3",
13+
"score": "CVSS:3.1/AV:N/AC:L/PR:L/UI:N/S:C/C:L/I:L/A:N"
14+
}
15+
],
16+
"affected": [],
17+
"references": [
18+
{
19+
"type": "ADVISORY",
20+
"url": "https://nvd.nist.gov/vuln/detail/CVE-2026-10093"
21+
},
22+
{
23+
"type": "WEB",
24+
"url": "https://plugins.trac.wordpress.org/browser/user-private-files/tags/2.1.6/inc/functions-folder.php#L463"
25+
},
26+
{
27+
"type": "WEB",
28+
"url": "https://plugins.trac.wordpress.org/browser/user-private-files/tags/2.1.6/templates/files-shared.php#L255"
29+
},
30+
{
31+
"type": "WEB",
32+
"url": "https://plugins.trac.wordpress.org/browser/user-private-files/tags/2.1.6/templates/files-shared.php#L260"
33+
},
34+
{
35+
"type": "WEB",
36+
"url": "https://plugins.trac.wordpress.org/browser/user-private-files/tags/2.1.6/templates/files.php#L160"
37+
},
38+
{
39+
"type": "WEB",
40+
"url": "https://plugins.trac.wordpress.org/browser/user-private-files/tags/2.1.6/templates/files.php#L165"
41+
},
42+
{
43+
"type": "WEB",
44+
"url": "https://plugins.trac.wordpress.org/browser/user-private-files/tags/2.1.6/templates/render.php#L68"
45+
},
46+
{
47+
"type": "WEB",
48+
"url": "https://plugins.trac.wordpress.org/changeset/3565400/user-private-files/trunk/templates/files-shared.php"
49+
},
50+
{
51+
"type": "WEB",
52+
"url": "https://plugins.trac.wordpress.org/changeset?old_path=%2Fuser-private-files/tags/2.1.6&new_path=%2Fuser-private-files/tags/2.1.7"
53+
},
54+
{
55+
"type": "WEB",
56+
"url": "https://www.wordfence.com/threat-intel/vulnerabilities/id/5ee0dd57-6256-4a56-907e-89336f052b6d?source=cve"
57+
}
58+
],
59+
"database_specific": {
60+
"cwe_ids": [
61+
"CWE-79"
62+
],
63+
"severity": "MODERATE",
64+
"github_reviewed": false,
65+
"github_reviewed_at": null,
66+
"nvd_published_at": "2026-06-16T08:16:23Z"
67+
}
68+
}

0 commit comments

Comments
 (0)